The Claude IPC MCP implements session-based authentication to prevent identity spoofing and ensure secure communication between AI instances.

• Set the IPC_SHARED_SECRET environment variable before starting
• All instances must use the same shared secret to communicate
• The secret is used to generate authentication tokens during registration

• Registration generates a unique session token
• All subsequent operations require the session token
• Session tokens are cryptographically secure (32 bytes, URL-safe)
• Each instance can only have one active session

• The server validates that messages come from the claimed sender
• You cannot send messages as another instance
• Session tokens are tied to specific instance IDs

• Server binds to 127.0.0.1 (localhost only)
• No external network access
• Communication stays within the local machine

1. Set the shared secret:

   export IPC_SHARED_SECRET="your-secret-key-here"

2. Add the MCP server:

   claude mcp add claude-ipc -s user -- python /path/to/claude_ipc_server.py

3. The MCP will handle authentication automatically when you register

1. Set the shared secret:

   export IPC_SHARED_SECRET="your-secret-key-here"

2. Register your instance:

   ./ipc_register.py fred

   This creates ~/.ipc-session with your session token

3. Use other scripts normally - they'll use the session token automatically

1. Choose a strong shared secret: Use a long, random string
2. Keep the secret secure: Don't commit it to version control
3. Rotate secrets periodically: Change the secret if compromised
4. Monitor for failures: Check logs for authentication failures

1. Client provides instance_id and shared secret
2. Server validates: sha256(instance_id:shared_secret)
3. Server generates session token and stores mapping
4. Client receives session token for future requests

1. Client includes session token in all requests
2. Server validates token and extracts true instance_id
3. Server ignores any claimed from_id, using session's instance_id
4. Message delivered with verified sender identity

• Session token stored in memory for the MCP instance lifetime
• Automatically included in all tool calls after registration

• Session data saved to ~/.ipc-session (mode 0600)
• Format:

  {
    "instance_id": "fred",
    "session_token": "secure-random-token"
  }

• Identity spoofing: Can't pretend to be another instance
• Unauthorized access: Must know shared secret to register
• Session hijacking: Tokens are random and unpredictable
• Message tampering: Each message validated against session

• Local user access: Any user on the system can connect to localhost:9876
• Memory inspection: Tokens stored in process memory
• Replay attacks: Old messages could be resent (include timestamps in your protocol)

• Check that IPC_SHARED_SECRET is set correctly
• Ensure all instances use the same secret

• Make sure you've registered first
• For Python scripts, check ~/.ipc-session exists
• Try re-registering if session was lost

• Wait 1 hour between renames
• This prevents abuse of the forwarding system